feat(decopilot): add tool approval workflow #2452

Merged: tlgimenes merged 7 commits into main from feature/approvals, Feb 14, 2026

@tlgimenes tlgimenes commented Feb 13, 2026

What is this contribution about?

This PR implements a tool approval workflow for decopilot, allowing users to control when tools execute by requiring explicit approval. This feature integrates with AI SDK 6's built-in approval flow and provides three approval levels:

  • None: Require approval for all tool calls (most restrictive)
  • Readonly: Auto-approve tools marked as read-only, require approval for write operations
  • YOLO: Execute all tools without approval (least restrictive)

The implementation includes:

  • Server-side approval infrastructure with toolApprovalLevel parameter
  • Client-side approval UI with approve/deny buttons
  • Thread status resolution for approval-requested state
  • User preferences integration for approval level selection
  • Comprehensive test coverage (23 tests)

Screenshots/Demonstration

N/A - This is a backend/workflow feature. The UI changes are minimal (approve/deny buttons appear when tools need approval).

How to Test

  1. Set approval level to "none":

    • Click settings icon in chat
    • Go to "Tool Approval" section
    • Select "None" (require approval for all tools)
  2. Trigger a tool call:

    • In chat, ask: "Search for available agents"
    • The agent will attempt to call the agent_search tool
  3. Verify approval workflow:

    • Tool call should show "Waiting for approval" status
    • Approve/Deny buttons should appear
    • Click "Approve"
    • Tool should execute and return results
  4. Test readonly mode:

    • Change approval level to "Read-only"
    • Ask: "Search for available agents" (read-only tool)
    • Tool should auto-execute without approval
    • Ask: "Create a subtask" (write tool)
    • Tool should require approval
  5. Test YOLO mode:

    • Change approval level to "YOLO"
    • All tools should execute immediately without approval
  6. Verify thread status:

    • Check that thread status is "requires_action" when approval is pending
    • Check that status changes to "completed" after approval/denial

Migration Notes

N/A - No database migrations or configuration changes required. The feature uses existing AI SDK 6 approval mechanisms.

Review Checklist

  • PR title is clear and descriptive
  • Changes are tested and working (23 tests passing)
  • Documentation is updated (inline code comments)
  • No breaking changes (fully backward compatible)

Additional Notes

Architecture decisions:

  • Approval enforcement is handled by AI SDK 6 client-side (standard pattern)
  • Default approval level is "none" (secure by default)
  • Built-in tools (subtask, agent_search) support approval via needsApproval parameter
  • MCP tools inherit approval level via toolsFromMCP() conversion

Known limitations:

  • Approval is client-side only (relies on AI SDK enforcement)
  • No audit logging for approval events (planned for follow-up)
  • No server-side policy enforcement (planned for follow-up)

Follow-up work:

  • Add audit logging for approval/denial events
  • Add component tests for ApprovalActions
  • Add integration tests for end-to-end approval flow
  • Consider adding approval timeout handling

Summary by cubic

Adds a tool approval workflow to Decopilot so users can approve or deny tool runs. Supports None, Read-only, and YOLO modes with a simple UI, user preference, end-to-end AI SDK 6 approvals, and clearer tool call details.

  • New Features

    • Server: toolApprovalLevel ("none" | "readonly" | "yolo") with toolNeedsApproval; applies needsApproval to built-in and MCP tools (uses readOnlyHint); supports execution-denied outputs; sets thread status to requires_action on approval-requested and to failed on stream errors.
    • UI: Approve/Deny buttons on tool calls with auto-send when approval responses are present; Tool Approval setting in User Settings; hides warnings while waiting for approvals; shows denied state; improves tool detail formatting with Markdown headers.
    • Tests: Unit tests for approval logic and thread status resolution.
  • Refactors

    • Rename skills plan-critique → review-plan and review-critique → review-pr; remove plan-with-critique.

Written for commit 6d04e1b. Summary will update on new commits.

tlgimenes and others added 5 commits February 13, 2026 19:13
…ique to review-pr

- Rename skill directories for clearer naming
- Update skill names, descriptions, and internal references
- Update plan-with-critique to reference review-plan

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

Implements server-side support for tool approval levels, allowing users
to require approval before tools execute. Integrates with AI SDK 6
approval flow.

Changes:
- Add ToolApprovalLevel type ("none", "readonly", "yolo")
- Add toolNeedsApproval() helper to determine approval requirements
- Pass toolApprovalLevel through tool creation pipeline
- Update built-in tools (subtask, agent_search) to support approval
- Add needsApproval parameter to MCP tool conversion
- Extend ToolResultOutputSchema to support execution-denied state
- Update thread status resolution to handle approval-requested state

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

Implements client-side UI for tool approval workflow, allowing users to
approve or deny tool executions before they run.

Changes:
- Add ApprovalActions component with approve/deny buttons
- Update tool-call-part components to render approval actions
- Add toolApprovalLevel preference (none/readonly/yolo)
- Add Tool Approval section to user settings dialog
- Integrate approval flow with chat context and AI SDK
- Suppress warnings when tools are awaiting approval
- Add utility functions for approval state management

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

Adds comprehensive test coverage for tool approval functionality.

Changes:
- Add helpers.test.ts with 9 tests for toolNeedsApproval logic
- Add 5 status.test.ts tests for approval-requested state handling
- Test all approval level combinations (none/readonly/yolo)
- Test readOnlyHint interactions with approval levels
- Test thread status resolution with approval states

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

@github-actions

🧪 Benchmark

Should we run the Virtual MCP strategy benchmark for this PR?

React with 👍 to run the benchmark.

Reaction | Action
👍 | Run quick benchmark (10 & 128 tools)

Benchmark will run on the next push after you react.

github-actions bot commented Feb 13, 2026

Release Options

Should a new version be published when this PR is merged?

React with an emoji to vote on the release type:

Reaction | Type | Next Version
👍 | Prerelease | 2.98.1-alpha.1
🎉 | Patch | 2.98.1
❤️ | Minor | 2.99.0
🚀 | Major | 3.0.0

Current version: 2.98.0

Deployment

  • Deploy to production (triggers ArgoCD sync after Docker image is published)

@cubic-dev-ai cubic-dev-ai bot left a comment

1 issue found across 25 files

Prompt for AI agents (all issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="apps/mesh/src/api/routes/decopilot/helpers.ts">

<violation number="1" location="apps/mesh/src/api/routes/decopilot/helpers.ts:67">
P2: Defaulting toolApprovalLevel to "yolo" means any caller that omits the level (e.g., the subtask subagent loader) will auto-approve all MCP tools, bypassing the approval workflow. Consider defaulting to the safest level so approvals aren’t skipped when a caller forgets to pass the level.</violation>
</file>

Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
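
Added example, not code from this PR or the project's helpers.ts: a fail-closed version of the approval decision next to the yolo-default pattern flagged in the review above, run over the three levels from the PR description. The function bodies, `resolveApprovalLevel`, `autoApproved`, the sample tools and their `readOnlyHint` values are assumptions; only the level names and `toolNeedsApproval` come from the page.

```typescript
// Added illustration; names follow the PR text, bodies are assumptions.
type ToolApprovalLevel = "none" | "readonly" | "yolo";

interface ToolMeta {
  name: string;
  readOnlyHint?: boolean; // hint declared by the tool's server, not a guarantee
}

// Missing or unrecognised input resolves to "none" (ask for everything).
function resolveApprovalLevel(raw: unknown): ToolApprovalLevel {
  if (raw === "none" || raw === "readonly" || raw === "yolo") {
    return raw as ToolApprovalLevel;
  }
  return "none";
}

// Fail-closed variant: the level is optional, but omitting it never skips approval.
function toolNeedsApproval(tool: ToolMeta, level?: unknown): boolean {
  switch (resolveApprovalLevel(level)) {
    case "yolo":
      return false;
    case "readonly":
      // Only an explicit `true` auto-approves; an absent hint counts as a write.
      return tool.readOnlyHint !== true;
    default:
      return true;
  }
}

// The pattern the review flagged: an omitted level silently becomes "yolo".
function toolNeedsApprovalYoloDefault(tool: ToolMeta, level: ToolApprovalLevel = "yolo"): boolean {
  if (level === "yolo") return false;
  return level === "readonly" ? tool.readOnlyHint !== true : true;
}

// Constructed sample tools (the readOnlyHint values are assumptions).
const sampleTools: ToolMeta[] = [
  { name: "agent_search", readOnlyHint: true },
  { name: "subtask", readOnlyHint: false },
  { name: "unannotated_mcp_tool" },
];

// Names of tools that would run without a prompt under a given decision function.
function autoApproved(
  decide: (t: ToolMeta, l?: ToolApprovalLevel) => boolean,
  level?: ToolApprovalLevel,
): string[] {
  return sampleTools.filter((t) => !decide(t, level)).map((t) => t.name);
}
```

The decision only marks which calls need a prompt; per the known limitations listed in the PR description, there is no server-side policy enforcement behind it.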

tlgimenes and others added 2 commits February 13, 2026 22:23
Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com>
Changes:
- Prefix detail sections with '#' for better Markdown formatting in tool call messages (Input, Error, Output).
@tlgimenes tlgimenes merged commit 87eea10 into main Feb 14, 2026
7 checks passed
@tlgimenes tlgimenes deleted the feature/approvals branch February 14, 2026 13:03